Your application sets a cookie with Secure attribute. What does this mean?

The session ID must be renewed after...

Your web server supports secure (HTTPS) connections. By design, which of the following is the best way to make sure a client will not accidentally request a page over non-secure HTTP connection?

Your application performs logging queries after certain events. Timestamp, IP address, POST payload and a type of action will be saved to a MySQL database. Is it possible for an adversary to bypass this logging query by sending specifically crafted POST payload?

You use a 104-bit, cryptographically strong, random number (hexadecimal encoded, for example) as your password on a web site which stores passwords as plain MD5 hashes: md5 (password). Is it safe to assume your password will be safe if the user database leaks?

You are running Apache + PHP server. PHP runs as an Apache module:

AddHandler php5-script .php

You allow users to upload avatar images (in PNG format). Avatar filename is allowed to contain characters: "a-z0-9.-".

Is it safe to assume you are secure against PHP code execution launched via uploaded files?

Your PHP application reads user submitted XML documents using DOM. You fetch certain element values from the XML:

$doc = new DOMDocument();

$doc->loadXML($xml);

$params = $doc->getElementsByTagName('parameters');

You display some of those parameters on the user's account settings page. Is it possible to exploit this scenario with a maliciously crafted XML document?